HTTP: Apple iTunes AAC File Handling Integer Overflow

This signature detects attempts to exploit a known vulnerability in the handling of the MP4/M4P/M4A/AAC file formats. A successful attack can lead to arbitrary remote code execution within the context of the user.

Extended Description

iTunes is prone to an integer-overflow vulnerability. An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may help the attacker gain unauthorized access or escalate privileges.

Affected Products

Apple iTunes

References

BugTraq: 18730

CVE: CVE-2006-1467

Short Name
HTTP:STC:DL:APPLE-ITUNES-IO
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
AAC Apple CVE-2006-1467 File Handling Integer Overflow bid:18730 iTunes
Release Date
06/27/2011
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Apple

CVSS Score

5.1
